The author is a Forbes contributor. The opinions expressed are those of the writer.

Loading ...

Loading ...

This story appears in the {{article.article.magazine.pretty_date}} issue of {{article.article.magazine.pubName}}. Subscribe

Kim Dotcom's new MEGA encrypted file storage and sharing service launched today at mega.co.nz. The initial traffic is strong. Dotcom reported in a tweet two hours after launch, "250,000 user registrations. Server capacity on maximum load. Should get better when initial frenzy is over. Wow!!!"

Given his previous enterprise, MegaUpload, it would be easy to characterize MEGA as the latest haven of piracy, but Dotcom is spinning it differently. He has branded MEGA as "The Privacy Company." This is yet another shrewd chess move on his part. The opening move, as I described in this morning's post, "is that all files [on MEGA] are encrypted using a 2048-bit RSA key.… What this means effectively is that Dotcom cannot be accused of knowingly storing copyrighted materials because he cannot technically know the content of the files stored on MEGA—only the user who uploaded the files and/or possesses the key can."

After invoking Universal Declaration of Human Rights, Article 12 (an injunction against "arbitrary interference with his privacy, family, home or correspondence."), MEGA's site copy describes User Controlled Encryption, or UCE. Unlike Dropbox or the other big file storage services, MEGA uses "symmetrical encryption" where the user holds both the encryption and decryption keys. This is "unlike the industry norm where the cloud storage provider holds the decryption key."

This distinction is what enables file storage services to decrypt and hand over data to government authorities under subpoena. With MEGA, this can't happen, because it does not retain the decryption keys. So it doesn't know what you are storing on its servers and it can't find out. Is this a checkmate from the legal standpoint? Not so fast.

The whole system can still be undone by its users, who have the power to share their files and the encryption keys to those files as they choose. Even though the terms of service strictly forbid uploading and distributing copyrighted material, users routinely ignore TOS—especially for a site whose lineage involves infringement on a massive scale. If users are sloppy with their links and post them to public sites that index pirated material, MEGA could face clear external evidence of what is on its servers—even if it cannot see the files itself.

From the point of view of copyright holders, though, the necessity to use an encryption key does act as valuable friction against a file being shared too freely. In practice, it becomes more like a friend passing along a DVD to another friend than like making a file available simultaneously to the entire internet.

But, piracy issues aside, there is something appealing about the privacy pitch. With it becoming increasingly clear how Google and Facebook are mining user data—including emails, calendars, physical location and other personal information—the idea of having a place to store your data (and soon "Integrated on-site applications," like a calendar, word processor and spreadsheet) that cannot be Hoovered is seeming increasingly necessary—even if you have nothing to hide.

Maybe all of the privacy talk is a smoke screen for piracy as usual, and maybe MEGA will not really be a viable "privacy platform," but if not MEGA, then who? As useful as it can be (in some circumstances) for your experience of the web to be personalized for you through unobtrusive surveillance, more and more of us are going to want a bit more control. You don't have to opt out completely from Facebook or Google's ecosystems in order to decide to conduct some of your personal business truly in private.

So the question remains, is MEGA just for pirates? Or for privacy nuts? Or for everyone?